if len(cfgInfos) == 0 && isUpdate {
		return ErrAdminConfigIDPCfgNameDoesNotExist
	}
	return ErrNone
}

// AddIdentityProviderCfg: adds a new IDP config for openid/ldap.
//
// PUT <admin-prefix>/idp-cfg/openid/dex1 -> create named config `dex1`
//
// PUT <admin-prefix>/idp-cfg/openid/_ -> create (default) named config `_`
func (a adminAPIHandlers) AddIdentityProviderCfg(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()

	"github.com/minio/mux"
	xldap "github.com/minio/pkg/v3/ldap"
	"github.com/minio/pkg/v3/policy"
)

// ListLDAPPolicyMappingEntities lists users/groups mapped to given/all policies.
//
// GET <admin-prefix>/idp/ldap/policy-entities?[query-params]
//
// Query params:
//
//	user=... -> repeatable query parameter, specifying users to query for
//	policy mapping
//

	echo "minio3 ============"
	cat /tmp/minio3_1.log
	cat /tmp/minio3_2.log

	exit 1
}

cleanup() {
	echo "Cleaning up instances of MinIO"
	pkill minio
	pkill -9 minio
	rm -rf /tmp/minio-internal-idp{1,2,3}
}

cleanup

unset MINIO_KMS_KES_CERT_FILE
unset MINIO_KMS_KES_KEY_FILE
unset MINIO_KMS_KES_ENDPOINT
unset MINIO_KMS_KES_KEY_NAME

export MINIO_CI_CD=1
export MINIO_BROWSER=off

	@(env bash $(PWD)/buildscripts/race.sh)

test-iam: install-race ## verify IAM (external IDP, etcd backends)
	@echo "Running tests for IAM (external IDP, etcd backends)"
	@MINIO_API_REQUESTS_MAX=10000 CGO_ENABLED=0 go test -timeout 15m -tags kqueue,dev -v -run TestIAM* ./cmd
	@echo "Running tests for IAM (external IDP, etcd backends) with -race"

	exit_1
fi

sleep 10

./mc idp ldap policy entities minio1
./mc idp ldap policy entities minio2
./mc idp ldap policy entities minio3

./mc admin service restart minio1
./mc admin service restart minio2
./mc admin service restart minio3

sleep 10

./mc idp ldap policy entities minio1
./mc idp ldap policy entities minio2
./mc idp ldap policy entities minio3

		adminRouter.Methods(http.MethodPut).Path(adminVersion + "/idp-config/{type}/{name}").HandlerFunc(adminMiddleware(adminAPI.AddIdentityProviderCfg))
		adminRouter.Methods(http.MethodPost).Path(adminVersion + "/idp-config/{type}/{name}").HandlerFunc(adminMiddleware(adminAPI.UpdateIdentityProviderCfg))
		adminRouter.Methods(http.MethodGet).Path(adminVersion + "/idp-config/{type}").HandlerFunc(adminMiddleware(adminAPI.ListIdentityProviderCfg))

        defaultSettings.put("onelogin.saml2.sp.privatekey", "");
        defaultSettings.put("onelogin.saml2.idp.single_sign_on_service.binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
        defaultSettings.put("onelogin.saml2.idp.single_logout_service.response.url", "");
        defaultSettings.put("onelogin.saml2.idp.single_logout_service.binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");

```sh
mc idp ldap policy attach myminio mypolicy --user='uid=james,cn=accounts,dc=myldapserver,dc=com'
```

```sh
mc idp ldap policy attach myminio mypolicy ----group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
```

To remove a policy association, use the similar `detach` command:

```sh

// ErrProviderConfigNotFound - represents a non-existing provider error.
var ErrProviderConfigNotFound = errors.New("provider configuration not found")

// GetConfigInfo - returns configuration and related info for the given IDP
// provider.
func (r *Config) GetConfigInfo(s config.Config, cfgName string) ([]madmin.IDPCfgInfo, error) {
	openIDConfigs, err := s.GetAvailableTargets(config.IdentityOpenIDSubSys)
	if err != nil {
		return nil, err

	// use that and validate the authentication request. If not, we assume this
	// is an STS request for a claim based IDP (if one is present) and set
	// roleArn = openid.DummyRoleARN.
	//
	// Currently, we do not support multiple claim based IDPs, as there is no
	// defined parameter to disambiguate the intended IDP in this STS request.
	roleArn := openid.DummyRoleARN
	roleArnStr := r.Form.Get(stsRoleArn)
	if roleArnStr != "" {